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(54) System and method for viewing message attachments 



(57) Methods and systems for handling attachments 
on wireless mobile communication devices. An attach- 
ment provided with a secure message is received at a 
message server. The secure message itself was re- 



ceived by the server as an attachment. The secure mes- 
sage is processed in order to locate within the secure 
message the requested attachment. The located attach- 
ment is provided to a mobile device. 
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Description 
BACKGROUND 
Technical Field 

[0001] The present invention relates generally to the 
field of secure electronic messaging, and in particularto 
accessing message attachments. 

Description of the Related Art 

[0002] Capabilities of wireless mobile communication 
devices have expanded greatly. For example, such de- 
vices not only receive electronic messages, but can 
view attachments associated with electronic messages. 
However, difficulties arise when a mobile device wishes 
to access attachments of secure messages. This is due 
at least in part to how messages and attachments are 
structured in order to comport with a security scheme. 

SUMMARY 

[0003] In accordance with the teachings disclosed 
herein, methods and systems are provided for handling 
attachments on wireless mobile communication devic- 
es. As an example, a method can include receiving an 
attachment provided with a secure message, wherein 
the secure message itself was received by the server 
as an attachment. The secure message is processed in 
order to locate with in the secu re message the req uested 
attachment. The located attachment is provided to the 
mobile device. 

[0004] As another example, a system can include a 
server having a data store that stores a secure message 
and its associated attachment. The secure message 
contains a secure layer such that the secure message 
is received by the server as an attachment itself. A se- 
cure message processing module looks into the secure 
message through the secure layer in order to locate the 
attachment. The located attachment is provided to the 
mobile device. 

BRIEF DESCRIPTION OF THE DRAWINGS 
[0005] 

Fig. 1 is a block diagram of a messaging system. 
Fig. 2 is a block diagram illustrating a secure e-mail 
message exchange in a messaging system. 
Fig. 3 is a block diagram illustrating a mobile device 
accessing an attachment. 

Fig. 4 is a flow chart depicting an operational sce- 
nario wherein a mobile device accesses an attach- 
ment. 

Fig. 5 is a block diagram illustrating a mobile device 

receiving a rendered attachment. 

Fig. 6 is a block diagram illustrating a mobile device 



providing a key to a server for use in accessing an 
attachment. 

Fig. 7 is a block diagram of a wireless mobile com- 
munication device. 

5 

DETAILED DESCRIPTION 

[0006] The attachment accessing methods and sys- 
tems disclosed herein may be used with many different 
10 types of secure messaging schemes. As an illustration, 
in a public key cryptography scheme, each user has a 
key pair including a public key that is distributed or avail- 
able to other users and a private key that is known only 
to the user that is the "owner" of the key pair. For secure 
15 messaging operations based on public key cryptogra- 
phy, a user uses a private key to decrypt received en- 
crypted messages and to sign messages to be sent. 
Public keys are used to encrypt messages to be sent 
and to verify digital signatures on received messages. 
Thus, access to public keys of other users is required 
for different secure messaging operations. 
[0007] Secure messages may be signed with a digital 
signature, encrypted, or both signed and encrypted, and 
may also be processed in other ways by a message 
sender or intermediate system between a message 
sender and a messaging client which receives the se- 
cure message. For example, secure messages include 
messages that have been signed ; encrypted and then 
signed, or signed and then encrypted, by a message 
sender according to variants of Secure Multipurpose In- 
ternet Mail Extensions (S/MIME). A secure message 
could similarly be encoded, compressed or otherwise 
processed either before or after being signed and/or en- 
crypted. 

[0008] A messaging client allows a system on which 
it operates to receive and possibly also send messages. 
Messaging clients operate on a computer system, a 
handheld device, or any other system or device with 
communications capabilities. Many messaging clients 
also have additional non-messaging functions. 
[0009] Fig. 1 is a block diagram of a messaging sys- 
tem. The system 10 includes a Wide Area Network 
(WAN) 12, coupled to a computer system 14, a wireless 
network gateway 16, and a Local Area Network (LAN) 
1 8 (e.g., a corporate LAN). The wireless network gate- 
way 1 6 is also coupled to a wireless communication net- 
work 20, in which a wireless mobile communication de- 
vice 22 ("mobile device") is configured to operate. 
[001 0] The computer system 1 4 is a desktop or laptop 
personal computer (PC), which is configured to commu- 
nicate to the WAN 12, which is the Internet in most im- 
plementations. PCs. such as computer system 14, nor- 
mally access the Internet through an Internet Service 
Provider (ISP), an Application Service Provider (ASP), 
or the like. 

[001 1] The LAN 1 8 is a network-based messaging cli- 
ent. It is normally located behind a security firewall 24. 
Within the LAN 1 8, a message server 26, operating on 
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a computer behind the firewall 24, serves as the primary 
interface for the corporation to exchange messages 
both within the LAN 1 8, and with other external messag- 
ing clients via the WAN 12. Two known message servers 
26 are Microsoft™ Exchange server and Lotus Domi- 
no™ server. These servers 26 are often used in con- 
junction with Internet mail routers that route and deliver 
mail messages. A server such as the message server 
26 also typically provides additional functionality, such 
as dynamic database storage for calendars, todo lists, 
task lists, e-mail, electronic documentation, etc. 
[0012] The message server 26 provides messaging 
capabilities to the corporation's networked computer 
systems 28 coupled to the LAN 18. A typical LAN 18 
includes multiple computer systems 28, each of which 
implements a messaging client, such as Microsoft Out- 
look™, Lotus Notes, etc. Within the LAN 18, messages 
are received by the message server 26, distributed to 
the appropriate mailboxes for user accounts addressed 
in the received message, and then accessed by a user 
through a computer system 28 operating as a messag- 
ing client. 

[001 3] The wireless gateway 1 6 provides an interface 
to a wireless network 20, through which messages are 
exchanged with a mobile device 22. Such functions as 
addressing of the mobile device 22, encoding or other- 
wise transforming messages for wireless transmission, 
and any other required interface functions are per- 
formed by the wireless gateway 1 6. Although the wire- 
less gateway 16 operates with the single wireless net- 
work 20 in Fig. 1 , wireless gateways may be configured 
to operate with more than one wireless network in alter- 
native embodiments, in which case the wireless gate- 
way may also determine a most likely network for locat- 
ing a given mobile device user and may also track users 
as they roam between countries or networks. 
[001 4] Any computer system 14,28 with access to the 
WAN 12 may exchange messages with a mobile device 
22 through the wireless network gateway 16. Alterna- 
tively, private wireless network gateways, such as wire- 
less Virtual Private Network (VPN) routers, could be im- 
plemented to provide a private interface to a wireless 
network. For example, a wireless VPN router imple- 
mented in the LAN 1 8 would provide a private interface 
from the LAN 1 8 to one or more mobile devices such as 
the mobile device 22 through the wireless network 20. 
Wireless VPN routers and other types of private inter- 
faces to the mobile device 22 may effectively be extend- 
ed to entities outside the LAN 18 by providing a mes- 
sage forwarding or redirection system that operates with 
themessageserver26. Such a redirection system is dis- 
closed in United States Patent No. 6,219,694, which is 
hereby incorporated into this application by reference. 
In this type of redirection system, incoming messages 
received by the message server 26 and addressed to a 
user of a mobile device 22 are sent through the wireless 
network interface, either a wireless VPN router, wireless 
gateway 16 or other interface, to the wireless network 



20 and to the user's mobile device 22. Another alternate 
interface to a user's mailbox on a message server 26 is 
a Wireless Application Protocol (WAP) gateway, 
through which a list of messages in a user's mailbox on 
5 the message server 26, and possibly each message or 
a portion of each message, could be sent to the mobile 
device 22. 

[0015] Wireless networks such as the wireless net- 
work 20 normally deliver information to and from mobile 

10 devices via RF transmissions between base stations 
and the mobile devices. The wireless network 20 may ; 
for example, be a data-centric wireless network, a voice- 
centric wireless network, or a dual-mode network that 
can support both voice and data communications over 

15 the same infrastructure. Known data-centric network in- 
clude the Mobitex™ Radio Network ("Mobitex"), and the 
DataTAC™ Radio Network ("DataTAC"). Examples of 
known voice-centric data networks include Personal 
Communication Systems (PCS) networks like Global 

20 System for Mobile Communications (GSM) and Time Di- 
vision Multiple Access (TDMA) systems. Dual-mode 
wireless networks include Code Division Multiple Ac- 
cess (CDMA) networks. General Packet Radio Service 
(GPRS) networks, and so-called third-generation (3G) 

25 networks, such as Enhanced Data rates for Global Ev- 
olution (EDGE) and Universal Mobile Telecommunica- 
tions Systems (UMTS), which are currently underdevel- 
opment. 

[001 6] The mobile device 22 is a data communication 
30 device, a voice communication device, or a multiple- 
mode device capable of voice, data and other types of 
communications. An exemplary mobile device 22 is de- 
scribed in further detail below. 

[001 7] Perhaps the most common type of messaging 

35 currently in use is e-mail. In a standard e-mail system, 
an e-mail message is sent by an e-mail sender, possibly 
through a message server and/or a service provider sys- 
tem, and is then routed through the Internet, when nec- 
essary, to one or more message receivers. E-mail mes- 

40 sages are normally sent in the clear and typically use 
Simple Mail Transfer Protocol (SMTP) headers and Mul- 
ti-purpose Internet Mail Extensions (MIME) body parts 
to define the format of the e-mail message. 
[001 8] In recent years, secure messaging techniques 

45 have evolved to protect both the content and integrity of 
messages, such as e-mail messages. S/MIME and Pret- 
ty Good Privacy™ (PGP™) are two public key secure 
e-mail messaging protocols that provide for both en- 
cryption, to protect data content, and signing, which pro- 

50 tects the integrity of a message and provides for sender 
authentication by a message receiver. In addition to uti- 
lizing digital signatures and possibly encryption, secure 
messages may also be encoded, compressed or other- 
wise processed. 

55 [0019] Fig. 2 is a block diagram illustrating a secure 
e-mail message exchange in a messaging system. The 
system includes an e-mail sender 30 coupled to a WAN 
32, and a wireless gateway 34, which provides an inter- 
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face between the WAN 32 and a wireless network 36. 
A mobile device 38 is adapted to operate within the wire- 
less network 36. 

[0020] The e-mail sender 30 is a PC, such as the sys- 
tem 14 in Fig. 1 . a network-connected computer, such 
as computer 28 in Fig. 1 , or a mobile device, on which 
a messaging client operates to enable e-mail messages 
to be composed and sent. The WAN 32, wireless gate- 
way 34, wireless network 36 and mobile device 38 are 
substantially the same as similarly-labelled components 
in Fig. 1 . 

[0021] In an example digital signature scheme, a se- 
cure e-mail message sender 30 digitally signs a mes- 
sage by taking a digest of the message and signing the 
digest using the sender's private key. A digest may, for 
example, be generated by performing a check-sum, a 
Cyclic Redundancy Check (CRC), a hash, or some oth- 
er non-reversible operation on the message. This digest 
is then digitally signed by the sender using the sender's 
private key. The private key is used to perform an en- 
cryption or some other transformation operation on the 
digest to generate a digest signature. A digital signature, 
including the digest and the digest signature, is then ap- 
pended to the outgoing message. In addition, a digital 
Certificate (Cert) of the sender, which includes the send- 
er's public key and sender identity information that is 
bound to the public key with one or more digital signa- 
tures, and possibly any chained Certs and Certificate 
Revocation Lists (CRLs) associated with the Cert and 
any chained Certs, is often included with the outgoing 
message. 

[0022] The secure e-mail message 40 sent by the e- 
mail sender 30 includes a component 42 including the 
sender's Cert, Cert chain, CRLs and digital signature 
and the signed message body 44. In the S/MIME secure 
messaging technique, Certs, CRLs and digital signa- 
tures are normally placed at the beginning of a message 
as shown in Fig. 2. and the message body is included 
in a file attachment. Messages generated by other se- 
cure messaging schemes may place message compo- 
nents in a different order than shown or include addi- 
tional and/or different components. For example, a 
signed message 40 may include addressing informa- 
tion, such as "To:" and "From:" email addresses, and 
other header information not shown in Fig. 2. 
[0023] When the secure e-mail message 40 is sent 
from the e-mail sender 30, it is routed through the WAN 
32 to the wireless gateway 34, through the wireless net- 
work 36, and then to the mobile device 38. As described 
above, an e-mail message sender may alternatively 
send a message directly to a wireless gateway, to a 
computer system associated with a mobile device, or to 
a wireless VPN router or other interface for delivery to 
a mobile device. 

[0024] The receiver of the signed message 40, the 
mobile device 38, typically verifies the digital signature 
42 in the secure message 40 by generating a digest of 
the message body 44, extracting the transmitted digest 



from the digital signature 42, comparing the generated 
digest with the digest extracted from the digital signature 
42, and then verifying the digest signature in the digital 
signature. The digest algorithm used by a secure mes- 

5 sage receiver to generate the generated digest is the 
same as the algorithm used by themessagesender, and 
is normally specified in a message header, or possibly 
in a digital signature of the secure message. Commonly 
used digest algorithm include the Secure Hash Algo- 

10 hthm 1 (SHA1) and Message-Digest Algorithm 5 (MD5), 
although other digest algorithms may be used. It should 
be appreciated that the systems and methods described 
herein are in no way limited to the above, or any other 
digital signature scheme. 

15 [0025] In order to verify the digest signature, the re- 
ceiver 38 retrieves the public key of the sender 30, gen- 
erally by extracting the public key from the sender's Cert 
42 attached to the message 40, and then verifies the 
signature on the digest in the digital signature by per- 

20 forming a reverse transformation on the digest signa- 
ture. For example, if the message sender 30 generated 
the digest signature by encrypting the digest using its 
private key. then a receiver 38 uses the sender's public 
key to decrypt the digest signature to recoverthe original 

25 digest. The secure message 40 shown in Fig. 2 includes 
the sender's Cert 42, from which the sender's public key 
can be extracted. Where the sender's public key was 
extracted from an earlier message from the sender 30 
and stored in a key store in the receiver's local store, 

30 the sender's public key may instead be retrieved from 
the local store. Alternatively, the public key may be re- 
trieved from the sender's Cert stored in a local store, or 
from a Public Key Server (PKS). A PKS is a server that 
is normally associated with a Certificate Authority (CA) 

35 from which a Cert for an entity, including the entity's pub- 
lic key, is available. A PKS might reside within a corpo- 
rate LAN such as 18 (Fig. 1), or anywhere on the WAN 
32, Internet or other network or system through which 
message receivers may establish communications with 

40 the PKS. 

[0026] The Cert, Cert chain and CRLs 42 are used by 
a receiver to ensure that the sender's Cert is valid, i.e.. 
that the Cert has not been revoked or expired, and is 
trusted. A Cert is often part of a Cert chain, which in- 

45 eludes a user's Cert as well as other Certs to verify that 
the user's Cert is authentic. For example, a Cert for any 
particular entity typically includes the entity's public key 
and identification information that is bound to the public 
key with a digital signature. Several types of Cert cur- 

50 rently in use include, for example, X.509 Certs, which 
are typically used in S/MIME, and PGP Certs, which 
have a slightly different format. The digital signature in 
a Cert is generated by the issuer of the Cert, and is 
checked by a message receiver as described above. A 

55 Cert may include an expiry time or validity period from 
which a messaging client determines if the Cert has ex- 
pired. When a CRL is available, the Cert is checked 
against the CRL to ensure that the Cert has not been 
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revoked. 

[0027] If the digital signature in a message sender's 
Cert is verified, the Cert has not expired or been re- 
voked , and the issuer of the Cert is trusted by a message 
receiver, then the digital signature of the message is 
trusted by the message receiver. If the issuer of the Cert 
is not trusted, then the message receiver traces a cer- 
tification path through the Cert chain to verify that each 
Cert in the chain was signed by its issuer, whose Cert 
is next in the Cert chain, until a Cert is found that was 
signed by a root Cert from a trusted source, such as a 
large PKS. Once a root Cert is found, then a signature 
can be trusted, because both the sender and receiver 
trust the source of the root Cert. 

[0028] If a secure message was encrypted or other- 
wise processed by a message sender after being 
signed, then each receiver first decrypts or performs 
other inverse processing operations on the message 
before signature verification is performed. Where en- 
cryption or other processing was performed before sign- 
ing, however, inverse processing such as decryption is 
performed after signature verification. Encryption and 
decryption involve applying a cryptographic key and ci- 
pher algorithm to information to be encrypted or decrypt- 
ed. Encryption and decryption use corresponding cipher 
algorithms, which may or may not be the same, and ei- 
ther the same or different cryptographic keys. In public 
key systems, different keys are used for encryption and 
decryption, whereas in "shared secret" type operations, 
the same key, a secret shared between a sender and 
recipient, is used for both encryption and decryption. 
[0029] Access to a user's public key is also used when 
an outgoing message addressed to that user is to be 
encrypted according to a public key encryption algo- 
rithm. However when an error is encountered during a 
public key access operation, known messaging clients 
provide little or no information as to the nature of any 
errors and possible solutions. 

[0030] Fig. 3 illustrates a mobile device 100 wishing 
to access an attachment 1 02 that is attached to a secure 
message 104. In Fig. 3, the secure message scheme 
used in this example treats the secure message 1 04 it- 
self as an attachment. As an illustration, when a server 
106 receives an S/MIME message 104, the S/MIME 
message 1 04 is (at least initially) perceived by the server 
106 as an attachment due to how the S/MIME message 
104 is structured. Such a scheme may be considered 
as having an attachment 1 02 within another attachment 
(i.e., the secure message 1 04). 

[0031] A reason that a secure message 1 04 appears 
as an attachment to an e-mail program (e.g., Microsoft 
Outlook) or to the server 106 is that the message has 
been enveloped (e.g., encrypted or otherwise protect- 
ed) with a secure layer. For example, the secure layer 
can result from the message being encrypted using a 
random symmetric key, wherein that symmetric key may 
then be encrypted using the recipient's public key and 
sent along with the message. If a message is being sent 



to multiple recipients, the symmetric key is encrypted 
separately by every recipient's public key. The envel- 
oped message and the encrypted symmetric keys are 
packaged together and also may be protected via a dig- 

5 ital signature. 

[0032] More specifically, since S/MIME is used to se- 
cure MIME entities, a MIME entity that is secured as 
such can bethought of as the "inside" MIME entity. That 
is, it is the "innermost" object of a larger MIME message. 

10 One or more attachments may be contained within a 
MIME entity. These aspects are further discussed in 
RFC 2633 (version 3) entitled "S/MIME Version 3 Mes- 
sage Specification." It should be understood that mes- 
sage security techniques other than S/MIME may be 

15 used that result in a secure layer that envelops or wraps 
message components and which need to be processed 
by the systems and methods disclosed herein. 
[0033] An attachment 102 contained within a secure 
message 1 04 that a mobile device 1 00 wishes to obtain 

20 may be any type of file, such as a textual/word process- 
ing document. The attachment 102 may also be an im- 
age, audio or video file. 

[0034] Because the mobile device 1 00 is typically re- 
source-limited and in order to save bandwidth, the mes- 

25 sage server 106 may elect not to initially send the at- 
tachment 1 02 to the mobile device 1 00 over a wireless 
connector system 108. While viewing the message on 
the mobile device 1 00, a user can request that the mes- 
sage's associated attachment data 102 be transmitted 

30 to the mobile device 100 over the wireless connector 
system 1 08. It is noted that the wireless connector sys- 
tem 1 08 may include a wireless network, wireless gate- 
way, and/or wide area network. 
[0035] The server 106 receives the attachment re- 

35 quest 110 and uses the identifying information con- 
tained within the attachment request 110 to locate the 
proper attachment 102. The server 106 contains com- 
puter instructions, such as a secure message process- 
ing module 112. to look inside the secure message 1 04 

40 to locate the attachment 1 02. In order to look inside the 
secure message 104, decryption operations may need 
to take place. Location of the attachment 1 02 within the 
secure message 104 can be accomplished in many 
ways, such as by locating a MIME field that contains or 

45 is associated with the desired attachment. 

[0036] Once located, the server 106 sends over the 
wireless connector system 108 the requested attach- 
ment 114 to the mobile device 100. The mobile device 
1 00 can then use the transmitted attachment 1 1 4 in any 

50 way permitted for the attachment, such as to view the 
attachment 114 or play an audio attachment. 
[0037] Fig. 4 illustrates an operational scenario 
wherein a mobile device accesses an attachment. At 
step 200, a mobile device receives a secure message. 

55 |f the secure message has one or more attachments, 
then the mobile device typically displays an icon to the 
user in orderto indicate that an attachment is associated 
with the message and can be provided to the user. The 
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server may provide an indication to the mobile device 
that the secure message has an attachment, and the 
server's indication is used by the mobile device to indi- 
cate to the mobile device's user that the secure mes- 
sage has an attachment. Additionally, it should be un- 
derstood that there may be situations where an attach- 
ment is to be provided to a mobile device other than a 
user indicating a desire to retrieve an attachment. As an 
illustration, a mobile device may automatically retrieve 
an attachment based upon the message being opened. 
[0038] If the attachment is to be retrieved, then at step 
202 the mobile device provides a request to have the 
attachment provided to it. At step 204, the server re- 
ceives the attachment request. The attachment request 
may use many different approaches to indicate which 
attachment(s) the mobile device wishes to receive. For 
example, the device can specify which attachment it is 
interested in by using a message attachment indexing 
system that the device and server both understand. 
When the user wishes to view an attachment in an SI 
MIME message, the device sends the appropriate at- 
tachment identifier to the server. The server performs 
an index lookup to find the attachment or the message 
containing the attachment based upon the identifier. 
[0039] At step 206, the server processes the secure 
message encoding and finds the attachment within the 
secure message. At step 208, the server provides the 
attachment to the mobile device. The mobile device pro- 
vides the attachment to the user at step 21 0. It should 
be understood that the steps in the flowchart need not 
necessarily include all of the steps disclosed herein and 
may include further steps and operations. For example, 
the server may initially look inside the secure message, 
such as by decrypting the secure message, to deter- 
mine whether any attachments are associated with the 
secure message. The server can provide an indication 
to the mobile device as to whether the secure message 
contained any attachments (which indication can then 
be provided to the user). 

[0040] As another example, the server may render the 
attachment before transmitting it to the mobile device. 
As shown in Fig. 5, the server 106 may render the at- 
tachment 102 so that the attachment 102 can be more 
easily viewed (provided that the attachment is of the 
type that can be viewed by the mobile device). A ren- 
dering operation software module 300 accessible by the 
server 1 06 can perform the proper rendering of the at- 
tachment 1 02 so that the resource-limited mobile device 
100 does not have to perform such operations. 
[0041] The rendering operation software module 300 
renders the attachment 1 02 so as to be compatible with 
the attachment viewing software used by the mobile de- 
vice 100. If needed, module 300 can access a lookup 
table to determine which format to use to render the at- 
tachment 102 for a particular mobile device 100. It 
should be understood that other approaches may be 
used, such as the mobile device 100 indicating to the 
server 106 which format should be used to render the 



attachment 102, or the server 1 06 providing attachment 
viewing software to the mobile device 100 so that the 
mobile device 100 may view the rendered attachment 
114. 

5 [0042] The rendered attachment 1 1 4 is transmitted to 
the mobile device 100 and viewed normally on the mo- 
bile device 100. The server 106 may transmit all or a 
portion of the attachment 1 02. In the situation of the lat- 
ter, if the mobile device 1 00 wants to see additional por- 

10 tions of the attachment 102, then the server 106 will 
send additional portions of the attachment 102 in re- 
sponse to a request by the mobile device 1 00. 
[0043] Other operations can be performed with re- 
spect to the secure message and its attachment(s). For 

15 example, if a message is just signed, then the server 
can process the secure message encoding and find the 
attachment. However, if the message is encrypted, then 
the server uses one or more symmetric/asymmetric 
keys that are needed to decrypt the secure message. 

20 [0044] As shown in Fig. 6, the mobile device 100 may 
provide the session key 402 (which was used to encrypt 
the secure message 1 04) to the server 1 06 with the at- 
tachment request 1 1 0. The server 1 06 accesses an en- 
cryption/decryption processing module 400 to decrypt 

25 the secure message 1 04 using the transmitted session 
key 402. After the secure message 104 had been de- 
crypted by the module 400, the secure message 
processing module 112 looks into the secure message 
104 and obtains the attachment 102. The attachment 

30 302 is transmitted for use by the mobile device 1 00. The 
attachment 302 is optionally rendered as described 
above before transmission to the mobile device 100. 
[0045] It will be appreciated that the systems and 
methods are disclosed by way of example only. Many 

35 variations on the systems and methods described 
above are within the scope of the invention as claimed, 
whether or not expressly described. For example, the 
operations disclosed herein may be implemented as the 
secure message processing module may comprise one 

40 or more modules in order to handle a secure message 
and its attach ment(s). Data structures may be used as 
part of the operations, such as to store data needed to 
access the attachment contained within a secure mes- 
sage. Still further, data signals transmitted using a com- 

45 munication channel may be used with the systems and 
methods. The data signals can include any type of data, 
such as the data and attachments transmitted to and/or 
from a mobile device. The data signal may be pack- 
etized data that is transmitted through a carrier wave or 

50 other medium across the network. Computer-readable 
media may be provided to and used with the mobile de- 
vice that is capable of causing a mobile device to per- 
form the methods and implement the systems disclosed 
herein. 

55 [0046] As another example, the methods and sys- 
tems may be used with a wide assortment of electronic 
devices, such as a personal digital assistant (PDA) de- 
vice or the mobile device 600 shown in FIG 7. With ref- 
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erence to Fig. 7. the mobile device 600 is preferably a 
two-way communication device having at least voice 
and data communication capabilities. The mobile device 
600 preferably has the capability to communicate with 
other computer systems on the Internet. Depending on 
the functionality provided by the device, the device may 
be referred to as a data messaging device, a two-way 
pager, a cellular telephone with data messaging capa- 
bilities, a wireless Internet appliance or a data commu- 
nication device (with or without telephony capabilities). 
[0047] The mobile device 600 includes a transceiver 
611 . a microprocessor 638, a display 622, non-volatile 
memory 624, RAM 626, auxiliary input/output (I/O) de- 
vices 628, a serial port 630, a keyboard 632, a speaker 
634, a microphone 636, a short-range wireless commu- 
nications sub-system 640, and other device sub-sys- 
tems 642. The transceiver 611 includes transmit and re- 
ceive antennas 616, 618, a receiver (Rx) 612, a trans- 
mitter (Tx) 614, one or more local oscillators (LOs) 613, 
and a digital signal processor (DSP) 620. Within the 
non-volatile memory 624, the mobile device 600 in- 
cludes a plurality of software modules 624A-624N that 
can be executed by the microprocessor 638 (and/or the 
DSP 620), including a voice communication module 
624A, a data communication module 624B, and a plu- 
rality of other operational modules 624N for carrying out 
a plurality of other functions. 

[0048] As described above, the mobile device 600 is 
preferably a two-way communication device having 
voice and data communication capabilities. Thus, for ex- 
ample, the mobile device 600 may communicate over a 
voice network, such as any of the analog or digital cel- 
lular networks, and may also communicate over a data 
network. The voice and data networks are depicted in 
Fig. 7 by the communication tower 61 9. These voice and 
data networks may be separate communication net- 
works using separate infrastructure, such as base sta- 
tions, network controllers, etc., or they may be integrat- 
ed into a single wireless network. 
[0049] The communication subsystem 611 is used to 
communicate with the network 619. The DSP 620 is 
used to send and receive communication signals to and 
from the transmitter 61 4 and receiver 61 2, and may also 
exchange control information with the transmitter 614 
and receiver 612. If the voice and data communications 
occur at a single frequency, or closely-spaced set of fre- 
quencies, then asingle LO 613 may be used in conjunc- 
tion with the transmitter 61 4 and receiver 612. Alterna- 
tively, if different frequencies are utilized for voice com- 
munications versus data communications, then a plural- 
ity of LOs 613 can be used to generate a plurality of 
frequencies corresponding tothe network 61 9. Although 
two antennas 61 6, 61 8 are depicted in Fig. 7, the mobile 
device 600 could be used with a single antenna struc- 
ture. Information, which includes both voice and data in- 
formation, is communicated to and from the communi- 
cation module 611 via a link between the DSP 620 and 
the microprocessor 638. 



[0050] The detailed design of the communication sub- 
system 611 , such as frequency band, component selec- 
tion, power level, etc., will be dependent upon the com- 
munication network 61 9 in which the mobile device 600 
5 is intended to operate. For example, a mobile device 
600 intended to operate in a North American market 
may include a communication subsystem 611 designed 
to operate with the Mobitex or DataTAC mobile data 
communication networks and also designed to operated 
10 with any of a variety of voice communication networks, 
such as AMPS, TDMA, CDMA, PCS, etc.. whereas a 
mobile device 600 intended for use in Europe may be 
configured to operate with the GPRS data communica- 
tion network and the GSM voice communication net- 
's work. Othertypes of data and voice networks, both sep- 
arate and integrated, may also be utilized with the mo- 
bile device 600. 

[0051] Depending upon the type of network 61 9, the 
access requirements for the dual-mode mobile device 

20 600 may also vary. For example, in the Mobitex and Da- 
taTAC data networks, mobile devices are registered on 
the network using a unique identification number asso- 
ciated with each device. In GPRS data networks, how- 
ever, network access is associated with a subscriber or 

25 user of a mobile device 600. A GPRS device typically 
requires a subscriber identity module ("SIM"), which is 
required in order to operate the mobile device 600 on a 
GPRS network. Local or non-network communication 
functions (if any) may be operable, without the SIM, but 

30 the mobile device 600 will be unable to carry out any 
functions involving communications over the network 
619, other than any legally required operations, such as 
'911' emergency calling. 

[0052] After any required network registration or acti- 

35 vation procedures have been completed, the mobile de- 
vice 600 may send and receive communication signals, 
preferably including both voice and data signals, over 
the network 619. Signals received by the antenna 616 
from the communication network 61 9 are routed to the 

40 receiver61 2, which provides forsignal amplification, fre- 
quency down conversion, filtering, channel selection, 
etc., and may also provide analog to digital conversion. 
Analog to digital conversion of the received signal allows 
more complex communication functions, such as digital 

45 demodulation and decoding to be performed using the 
DSP 620. In a similar manner, signals to be transmitted 
to the network 61 9 are processed, including modulation 
and encoding, for example, by the DSP 620 and are then 
provided to the transmitter 61 4 for digital to analog con- 

50 version, frequency up conversion, filtering, amplification 
and transmission to the communication network 61 9 via 
the antenna 618. Although a single transceiver 611 is 
shown in Fig. 7 for both voice and data communications, 
the mobile device 600 may include two distinct trans- 

55 ceivers, a first transceiver for transmitting and receiving 
voice signals, and a second transceiver for transmitting 
and receiving data signals. 

[0053] In addition to processing the communication 
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signals, the DSP 620 also provides for receiver and 
transmitter control. For example, the gain levels applied 
to communication signals in the receiver 612 and trans- 
mitter 614 may be adaptively controlled through auto- 
matic gain control algorithms implemented in the DSP 
620. Other transceiver control algorithms could also be 
implemented in the DSP 620 in order to provide more 
sophisticated control of the transceiver 61 1 . 
[0054] The microprocessor 638 preferably manages 
and controls the overall operation of the mobile device 
600. Many types of microprocessors or microcontrollers 
could be used for this part, or, alternatively, a single DSP 
620 could be used to carry out the functions of the mi- 
croprocessor 638. Low-level communication functions, 
including at least data and voice communications, are 
performed through the DSP 620 in the transceiver 61 1 . 
Other, high-level communication applications, such as 
a voice communication application 624A, and a data 
communication application 624B may be stored in the 
non-volatile memory 624 for execution by the micro- 
processor 638. For example, the voice communication 
module 624A may provide a high-level user interface 
operable to transmit and receive voice calls between the 
mobile device 600 and a plurality of other voice devices 
via the network 619. Similarly, the data communication 
module 624B may provide a high-level user interface 
operable for sending and receiving data, such as e-mail 
messages, files, organizer information, short text mes- 
sages, etc., between the mobile device 600 and a plu- 
rality of other data devices via the network 61 9. 
[0055] The microprocessor 638 also interacts with 
other device subsystems, such as the display 622, non- 
volatile memory 624, random access memory (RAM) 
626, auxiliary input/output (I/O) subsystems 628, serial 
port 630, keyboard 632, speaker 634, microphone 636, 
a short-range communications subsystem 640 and any 
other device subsystems generally designated as 642. 
The components 628, 632, 634 and 636 are examples 
of the types of subsystems that could be provided as 
users interfaces. The modules 624A-N are executed by 
the microprocessor 638 and may provide a high-level 
interface between a user of the mobile device and the 
mobile device. This interface typically includes a graph- 
ical component provided through the display 622. and 
an input/output component provided through the auxil- 
iary I/O 628, keyboard 632, speaker 634, or microphone 
636. 

[0056] Some of the subsystems shown in Fig. 7 per- 
form communication-related functions, whereas other 
subsystems may provide "resident" or on-device func- 
tions. Notably, some subsystems, such as keyboard 632 
and display 622 may be used for both communication- 
related functions, such as entering a text message for 
transmission over a data communication network, and 
device-resident functions such as a calculator or task 
list or other PDA type functions. 
[0057] Operating system software used by the micro- 
processor 638 is preferably stored in a persistent store 



such as non-volatile memory 624. In addition to the op- 
erating system and communication modules 624A-N, 
the non-volatile memory 624 may also include a file sys- 
tem for storing data. A storage area is also preferably 

5 provided in the non-volatile memory 624 to store public 
keys, a private key, and other information required for 
secure messaging. The operating system, specific de- 
vice applications or modules, or parts thereof, may be 
temporarily loaded into a volatile store, such as RAM 

10 626 for faster operation. Moreover, received communi- 
cation signals may also be temporarily stored to RAM 
626 before permanently writing them to a file system lo- 
cated in the non-volatile store 624. As those skilled in 
the art will appreciate, the non-volatile store 624 may be 

15 implemented as a Flash memory component or a bat- 
tery backed-up RAM, for example. 
[0058] An exemplary application module 624N that 
may be loaded onto the mobile device 600 is a personal 
information manager (PIM) application providing PDA 

20 functionality, such as calendar events, appointments, 
and task items. This module 624N may also interact with 
the voice communication module 624A for managing 
phone calls, voice mails, etc., and may also interact with 
the data communication module 624B for managing e- 

25 mail communications and other data transmissions. Al- 
ternatively, all of the functionality of the voice communi- 
cation module 624A and the data communication mod- 
ule 624B may be integrated into the PIM module. 
[0059] The non-volatile memory 624 preferably pro- 

30 vides a f i le system to f aci I itate sto rage of P I M data items 
on the device. The PIM application preferably includes 
the ability to send and receive data items, either by itself, 
or in conjunction with the voice and data communication 
modules 624A, 624B, via the wireless network 619. The 

35 pim data items are preferably seamlessly integrated, 
synchronized and updated, via the wireless network 
619, with a corresponding set of data items stored or 
associated with a host computer system, thereby creat- 
ing a mirrored system for data items associated with a 

40 particular user. 

[0060] The mobile device 600 may also be manually 
synchronized with a host system by placing the mobile 
device 600 in an interface cradle, which couples the se- 
rial port 630 of the mobile device 600 to the serial port 

45 of the host system. The serial port 630 may also be used 
to download other application modules 624N for instal- 
lation, and to load Certs, keys and other information onto 
a device. This wired download path may be used to load 
an encryption key onto the mobile device 600, which is 

50 a more secure method than exchanging encryption in- 
formation via the wireless network 61 9. 
[0061] Additional application modules 624N may be 
loaded onto the mobile device 600 through the network 
619, through an auxiliary I/O subsystem 628, through 

55 the serial port 630, through the short-range communi- 
cations subsystem 640, or through any other suitable 
subsystem 642, and installed by a user in the non-vol- 
atile memory 624 or RAM 626. Such flexibility in appli- 
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cation installation increases the functionality of the mo- 
bile device 600 and may provide enhanced on-device 
functions, communication-related functions, orboth. For 
example, secure communication applications may ena- 
ble electronic commerce functions and other such finan- 
cial transactions to be performed using the mobile de- 
vice 600. 

[0062] When the mobile device 600 is operating in a 
data communication mode, a received signal, such as 
a text message or a web page download, is processed 
by the transceiver 61 1 and provided to the microproces- 
sor 638, which preferably further processes the received 
signal for output to the display 622, or, alternatively, to 
an auxiliary I/O device 628. A user of mobile device 600 
may also compose data items, such as email messages, 
using the keyboard 632, which is preferably a complete 
alphanumeric keyboard laid out in the QWERTY style, 
although other styles of complete alphanumeric key- 
boards such as the known DVORAK style may also be 
used. User input to the mobile device 600 is further en- 
hanced with a plurality of auxiliary I/O devices 628, 
which may include a thumbwheel input device, a touch- 
pad, a variety of switches, a rocker input switch, etc. The 
composed data items input by the user may then be 
transmitted over the communication network 61 9 via the 
transceiver 611 . 

[0063] When the mobile device 600 is operating in a 
voice communication mode, the overall operation of the 
mobile device 600 is substantially similar to the data 
mode, exceptthat received signals are preferably output 
to the speaker 634 and voice signals for transmission 
are generated by a microphone 636. Alternative voice 
or audio I/O subsystems, such as a voice message re- 
cording subsystem, may also be implemented on the 
mobile device 600. Although voice or audio signal output 
is preferably accomplished primarily through the speak- 
er 634, the display 622 may also be used to provide an 
indication of the identity of a calling party, the duration 
of a voice call, or other voice call related information. 
For example, the microprocessor 638, in conjunction 
with the voice communication module 624A and the op- 
erating system software, may detect the caller identifi- 
cation information of an incoming voice call and display 
it on the display 622. 

[0064] A short-range communications subsystem 640 
is also included in the mobile device 600. For example, 
the subsystem 640 may include an infrared device and 
associated circuits and components, or a short-range 
wireless communication module such as a Bluetooth™ 
communication module or an 802.1 1 module to provide 
for communication with similarly-enabled systems and 
devices. Those skilled in the art will appreciate that 
"Bluetooth" and "802.11" refer to sets of specifications, 
available from the Institute of Electrical and Electronics 
Engineers (IEEE), relating to wireless personal area 
networks and wireless LANs, respectively. 



Claims 

1. A method for handling secure message attach- 
ments for a mobile device, comprising the steps of: 

5 

receiving at a server a second attachment pro- 
vided within a secure message; 

wherein the secure message itself was re- 
10 ceived by the server as a first attachment; 

requesting the second attachment at the mo- 
bile device; 

processing the secure message in order to lo- 
cate within the secure message the second attach- 
es ment; and 

providing the second attachment to the mo- 
bile device. 

2. The method of claim 1 , wherein the secure mes- 
20 sage is structured according to a security scheme 

such that the secure message is handled as an at- 
tachment by the server. 

3. The method of claim 2, wherein the security scheme 
25 includes a symmetric key scheme. 

4. The method of claim 2, wherein thesecurity scheme 
includes an asymmetric key scheme. 

30 5. The method of claim 2, wherein thesecurity scheme 
is a Secure Multipurpose Internet Mail Extensions 
(S/MIME) scheme. 

6. The method according to one of the claims 1 to 5, 
35 wherein the secure message is structured such that 

a secure layer has been added to the message and 
the second attachment. 

7. The method of claim 6, wherein the secure layer 
40 acts as an envelope with respect to the message 

and the second attachment. 

8. The method according to one of the claims 6 to 7. 
wherein the secure layer was generated during an 

45 encryption operation. 

9. The method according to one of the claims 6 to 8. 
wherein a session key is received bytheserverfrom 
the mobile device for use by the server to decrypt 

50 the secure message. 

10. The method according to one of the claims 6 to 9 . 
wherein the secure layer was generated during a 
digital signature operation. 

55 

11. The method according to one of the claims 6 to 10, 
wherein the secure layer was generated during an 
encryption operation. 
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12. The method according to one of the claims 1 to 11 , 
wherein the second attachment is selected from the 
group consisting of: a textual document, word 
processing document, audiofile, imagefile, orvideo 
file. 

13. The method according to one of the claims 1 to 12, 
wherein the secure message without the second at- 
tachment is sent from the server to the mobile de- 
vice, wherein the second attachment is provided to 
the mobile device based upon the mobile device re- 
questing the second attachment. 

14. The method of claim 13, wherein the request from 
the mobile device for the second attachment results 
from a user requesting the second attachment. 

15. The method of claim 13, wherein the request from 
the mobile device includes data to be used by the 
server to identify the second attachment that is to 
be provided to the mobile device. 

16. The method according to one of the claims 1 to 15, 
wherein the secure layer was generated during an 
encryption operation, wherein a decryption opera- 
tion is performed in order to locate within the secure 
message the second attachment. 

1 7. The method according to one of the claims 1 to 1 6, 
wherein the secure message has a plurality of at- 
tachments. 

1 8. The method according to one of the claims 1 to 1 7, 
wherein the server provides an indication to the mo- 
bile device thatthe secure message has the second 
attachment, 

wherein the indication is used by the mobile device 
to indicate to the mobile device's user that the se- 
cure message has the second attachment. 

1 9. The method according to one of the claims 1 to 18, 
wherein the second attachment is automatically 
provided by the server to the mobile device when 
the secure message is opened by the mobile de- 
vice's user. 

20. The method according to one of the claims 1 to 1 9, 
wherein the second attachment is rendered before 
being provided to the mobile device. 

21 . The method according to one of the claims 1 to 20, 
wherein means for providing a wireless network and 
means for providing a message server are used to 
communicate the located attachment to the mobile 
device. 

22. The method according to one of the claims 1 to 21 , 
wherein the mobile device is a handheld wireless 



mobile communications device. 

23. The method according to one of the claims 1 to 22, 
wherein the mobile device is a personal digital as- 

5 sistant (PDA). 

24. An apparatus located at a computer server for han- 
dling secure message attachments for a mobile de- 
vice, wherein the server receives a secure message 
containing a second attachment, comprising: 

a data store that stores the secure message 
and the second attachment; 

wherein the secure message contains a se- 
cure layer such that the secure message itself is re- 
ceived by the server as a first attachment; 

a secure message processing module that 
looks into the secure message through the secure 
layer in order to locate the second attachment; 

wherein the second attachment is provided to 
the mobile device. 

25. The apparatus of claim 24, further comprising: 

a rendering module that renders the second at- 
tachment before the second attachment is pro- 
vided to the mobile device. 

26. The apparatus according of one of the claims 24 to 
25, further comprising: 

a decryption processing module to decrypt the 
secure message so that the second attachment 
can be located within the secure message. 
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